mirror of
https://github.com/semver/semver.git
synced 2026-07-11 04:52:47 -05:00
[GH-ISSUE #540] Question about prelease specification #4641
Reference in New Issue
Block a user
Delete Branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @P1ng-W1n on GitHub (Nov 15, 2019).
Original GitHub issue: https://github.com/semver/semver/issues/540
According to the semver rules , section 9:
Discussed this topic over https://github.com/python-semver/python-semver/issues/194, and we concluded that the current specification is clear when it comes to numbers, but it's a little bit misleading to strings (that could also start with a numeric zero).
Considering that prerelease versions are interpreted as strings, so I don't see the reasoning behind this rule
Could someone please help to clarify this?
@wizzwizz4 commented on GitHub (Nov 15, 2019):
It means that logically numeric values (values that count up) mustn't have leading zeroes, but accidentally numeric values (e.g. the spyware release,
007) that should just be treated as arbitrary text are fine.@P1ng-W1n commented on GitHub (Nov 15, 2019):
I see.
If my understanding is correct, then this would mean that 0.1.0-0abcdef is be considered a valid Semver version in that case. Is that actually being the case?
@runeimp commented on GitHub (Nov 16, 2019):
Yes-ish. When they say numeric identifiers the thought is (as I understand it) decimal values not hexadecimal, octal, or odd strings. The point is that systems that parse SemVer strings need to be able to sort these strings in a reasonably and consistent way. A decimal number should not have leading zeros because that could be confused as an octal number or possibly hex value i.e.; octal
052for the decimal value42or hex0xfffor decimal255.0abcdefwould just be an odd string though I'd guess it's intended as hex. But as there is noxafter the0as used in classic hex notation it's impossible to be certain that it should be interpreted as hex. That effects sorting and you could easily end up intending it to be hex value and when parsed by another system is sorted as as string. So if you intend that to be hex then you should make it obviously hex if you intend that. If it's just a string you're probably fine. But a 3rd party with a more loose interpretation of what should be viewed as a hex value might still sort it as such which would likely change the sorting order. So I'd avoid it unless you absolutely, positively, swear on your great grandmothers grave, that you will never, ever let a third party have need of access to your semver number. 👼@P1ng-W1n commented on GitHub (Nov 16, 2019):
Hi @runeimp
The reason I raised this issue is because apparently different clients interpret that differently :)
To give some context 0abcdef in my scenario is a git hash.
According to the semver.org provided regexp examples that should pass the semver versioning:
However, the situation is not that clear when it comes to python clients:
According to python-semver's interpretation of the Backus–Naur Form Grammar for Valid SemVer Versions the above semver should not be valid, but according to your explanation it should be.
This also means (at least in my understanding) that the current definition could be read incorrectly, and further clarification might be required in the phrasing.
@runeimp commented on GitHub (Nov 21, 2019):
@P1ng-W1n Yes, with the spec changing a bit over time your almost guaranteed to run into semver tools that are written against a different specification than what you may be expecting. Whether you expect the latest (ever changing over time), SemVer 1.0.0, etc. Reviewing the BNF for SemVer 2.0.0 and the RegEx I believe the Python module is incorrect. At least in regards to SemVer 2.0.0. A slightly earlier version (RC1, RC2, etc.) may have not allowed for it. But the SemVer 2.0.0 regex and BNF both support alphanumeric string with or without a leading zero in both of their list of supported options. Only purely numeric values should not start with a leading zero according to spec item 9.
@jwdonahue commented on GitHub (Nov 25, 2019):
The semver spec says nothing about hex or octal numbers in any field. The only allowed numeric symbols are [0-9]. Neither the Backus-Naur or the regex interpret hex or octal fields. So
-0fe6b123would be interpreted as alpanumeric, where only ASCII sort order would apply.@jwdonahue commented on GitHub (Nov 25, 2019):
There are more incorrect regex's in use in the world today than there are correct ones. What a specific implementation says about a particular version string with regard to SemVer status, is not necessarily correct. That's why we spent the better part of a year, developing and vetting the regex's provided in the latest FAQ.
@jwdonahue commented on GitHub (Nov 25, 2019):
To put it another way, the presence of any alpha characters [A-Za-z] in the field, make it an alphanumeric field, therefore the no leading zero rule doesn't apply. The spec clearly states
Numeric identifiers are [0-9]. Whoever wrote that python parser, got it wrong.
@jwdonahue commented on GitHub (Nov 25, 2019):
I would not embed git hashes in the prerelease tag. While they are the results of a numeric algorithm, they are highly randomized, therefore sorting them as alphnum's is pointless and may in fact be harmful. Prerelease tags are included in the sorting rules. Randomized data belongs in the build-meta tag, not the prerelease tag.
@jwdonahue commented on GitHub (Jan 15, 2020):
@P1ng-W1n, unless you have further questions, or intend to issue a related PR, please close this issue at your earliest possible convenience.
@P1ng-W1n commented on GitHub (Jan 21, 2020):
Hi @jwdonahue
Sorry for the late response. Yes, the ticket can be closed, but before that I would like to share part of my investigation with others, who might think about including a git hash in their release versioning schema (feel free to use this commit as a reference for others):
So as described above, git hashes could start with a leading zero, which could cause "misunderstanding" depending of the semver library used (and whether that's interpreted as a numerical or to an alphanumerical value).
One could argue if that should be accepted or not, however one has to realize that a git hash could actually contain only numerical values, and could start with a leading zero, such as 0123456...
In that case the hash should be interpreted as numerical, meaning that it would go against the
current semver directives.
TLDR: Don't use a git hash as part of your semver versioning.. Or if you have to, add a prefix to it (sha0123456...)